Добавил пример с Oauth2

pom.xml

@@ -25,6 +25,10 @@
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter-web</artifactId>
         </dependency>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-oauth2-client</artifactId>
+        </dependency>
 
         <dependency>
             <groupId>org.springdoc</groupId>

src/main/java/org/sadtech/example/swagger/config/OpenApiConfig.java

@@ -1,8 +1,11 @@
 package org.sadtech.example.swagger.config;
 
 import io.swagger.v3.oas.annotations.OpenAPIDefinition;
+import io.swagger.v3.oas.annotations.enums.SecuritySchemeIn;
+import io.swagger.v3.oas.annotations.enums.SecuritySchemeType;
 import io.swagger.v3.oas.annotations.info.Contact;
 import io.swagger.v3.oas.annotations.info.Info;
+import io.swagger.v3.oas.annotations.security.SecurityScheme;
 
 /**
  * @author upagge 30.12.2020
@@ -18,6 +21,24 @@ import io.swagger.v3.oas.annotations.info.Info;
                 )
         )
 )
+//@SecurityScheme(
+//        name = "Oauth2",
+//        type = SecuritySchemeType.OAUTH2,
+//        flows = @OAuthFlows(
+//                authorizationCode = @OAuthFlow(
+//                        tokenUrl = "https://oauth.mocklab.io/oauth/token",
+//                        refreshUrl = "https://oauth.mocklab.io/oauth/token",
+//                        authorizationUrl = "https://oauth.mocklab.io/oauth/authorize",
+//                        scopes = {@OAuthScope(name = "profile"), @OAuthScope(name = "email")}
+//                )
+//        )
+//)
+@SecurityScheme(
+        name = "jsessionid",
+        in = SecuritySchemeIn.COOKIE,
+        type = SecuritySchemeType.APIKEY,
+        paramName = "JSESSIONID"
+)
 public class OpenApiConfig {
 
 }

src/main/java/org/sadtech/example/swagger/config/SecurityConfig.java

@@ -0,0 +1,28 @@
+package org.sadtech.example.swagger.config;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.web.SecurityFilterChain;
+
+@Configuration
+@EnableWebSecurity
+public class SecurityConfig {
+
+    @Bean
+    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
+        return http
+                .cors().disable()
+                .oauth2Login()
+                .and()
+                .authorizeHttpRequests(
+                        registry -> registry
+                                .requestMatchers("/v3/api-docs/**", "/swagger-ui/**", "/swagger-ui.html")
+                                .permitAll()
+                                .anyRequest().authenticated()
+                )
+                .build();
+    }
+
+}

src/main/java/org/sadtech/example/swagger/controller/PointController.java

@@ -35,8 +35,8 @@ public class PointController {
     @PostMapping("{key}")
     @Operation(summary = "Управление баллами", description = "Позволяет удалить или добавить баллы пользователю")
     public HttpStatus changePoints(
-            @PathVariable @NotBlank @Parameter(description = "Идентификатор пользователя") String key,
-            @RequestParam("point") @Min(0) @Parameter(description = "Количество баллов", required = true) Long point,
+            @PathVariable @NotBlank @Parameter(description = "Идентификатор пользователя", example = "key1") String key,
+            @RequestParam("point") @Min(0) @Parameter(description = "Количество баллов", required = true, example = "10") Long point,
             @RequestParam("type") @Parameter(description = "Тип операции", required = true) TypeOperation type
     ) {
         final UserDto userDto = repository.get(key);

src/main/java/org/sadtech/example/swagger/controller/UserController.java

@@ -1,6 +1,7 @@
 package org.sadtech.example.swagger.controller;
 
 import io.swagger.v3.oas.annotations.Operation;
+import io.swagger.v3.oas.annotations.security.SecurityRequirement;
 import io.swagger.v3.oas.annotations.tags.Tag;
 import org.sadtech.example.swagger.dto.UserDto;
 import org.springframework.http.HttpStatus;
@@ -48,9 +49,12 @@ public class UserController {
         return HttpStatus.OK;
     }
 
+    @SecurityRequirement(name = "jsessionid")
     @GetMapping(value = "{key}", produces = APPLICATION_JSON_VALUE)
     @Operation(summary = "Получить пользователя")
-    public ResponseEntity<UserDto> getSimpleDto(@PathVariable("key") String key) {
+    public ResponseEntity<UserDto> getSimpleDto(
+            @PathVariable("key") String key
+    ) {
         return ResponseEntity.ok(repository.get(key));
     }
 

src/main/resources/application.yml

@@ -1 +1,25 @@
-
+#springdoc:
+#  swagger-ui:
+#    oauth:
+#      client-id: mocklab_oidc
+#      client-secret: whatever
+spring:
+  security:
+    oauth2:
+      client:
+        registration:
+          mocklab:
+            provider: mocklab
+            client-authentication-method: basic
+            authorization-grant-type: authorization_code
+            scope: profile, email
+            redirect-uri: http://localhost:8080/login/oauth2/code/
+            clientId: mocklab_oidc
+            clientSecret: whatever
+        provider:
+          mocklab:
+            authorization-uri: https://oauth.mocklab.io/oauth/authorize
+            token-uri: https://oauth.mocklab.io/oauth/token
+            user-info-uri: https://oauth.mocklab.io/userinfo
+            user-name-attribute: sub
+            jwk-set-uri: https://oauth.mocklab.io/.well-known/jwks.json